- From: Jim Ley <jim@jibbering.com>
- Date: Sun, 5 Mar 2006 20:15:36 -0000
- To: "Web API WG" <public-webapi@w3.org>
"ROBO Design" <robodesign@gmail.com> > 1. Any script must not be allowed to read and write clipboard data unless > the user allows so (via a confirmation or a setting in the UA, whatever). > This must be a requirement. > > This is a security concern that, for example, IE doesn't deal with. Any > web site can overwrite clipboard data, or read the clipboard data without > the unsuspecting user ever knowing. This is incorrect, it's specifically mentioned in a setting in the UA to allow or deny this behaviour, you can have it set to disallow/prompt or allow as per normal security settings in IE. > 2. UAs should (or even must) make it so that the "clipboard data read and > write" features are only opt-in, not opt-out. These are security and a specification is not the best place for discussing security - the reason being any UI will choose security over spec conformance anyway, and deciding the exact methods to be secure is down to the situation and the design of the browser. A spec should specify how it should be done, it should do no more than highlight potential security problems of allowing unrestricted access to API's in informative notes. > 3. Developers should have some DOM events that allow them to monitor the > clipboard data (cut/copy/paste and probably even selection deletion). All > these must work only after the user confirms access. No specification should require a specific UI. > 3. This sandboxed clipboard is per page: script won't have access to > clipboard data of other pages opened in other tabs/windows in the same UA. That becomes very complicated with 2 or more pages accessing a clipboard at the same time, are you expecting multiple clipboards - that would be confusing for users I think. > (I know this post goes a bit "off-topic" since it's not only about > security concerns.) :-) Cheers, Jim.
Received on Sunday, 5 March 2006 20:16:34 UTC